aaronn / django-rest-framework-passwordless

Passwordless Auth for Django REST Framework
MIT License

Is this maintained / being used in production? #128

Open daan241 opened 1 year ago

daan241 commented 1 year ago

Hi, is anyone (still) using this in production? It appears to be the most popular Django passwordless / magic link package, but multiple security risks/improvements do not seem to get resolved: merging PR #86 (or #63) or integrating rate limiting / limited attempts (#100)?

(I found an earlier topic on this, where @aaronn indicated he was open to PRs, so I wonder if that got outdated? https://github.com/aaronn/django-rest-framework-passwordless/issues/98#issuecomment-991386293)
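The attempt-limiting concern raised above is the one a reviewer would check first: a short numeric token that can be tried without limit is brute-forceable in minutes. The following is an added, stand-alone illustration and not code from django-rest-framework-passwordless or from the issue author. It assumes a 6-digit numeric one-time token (a common default for such packages, assumed here rather than taken from the project), an in-memory store standing in for the database table, and constructed identities; the names `OtpStore`, `IssuedToken`, `MAX_ATTEMPTS` and `brute_force` are hypothetical. It shows the three checks that close the gap: a bounded attempt counter that burns the token, an expiry, and single use, with a constant-time comparison.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Constructed constants for this example; in a real deployment they belong in settings.
TOKEN_DIGITS = 6
MAX_ATTEMPTS = 3            # wrong guesses allowed before the token is burned
TOKEN_TTL_SECONDS = 15 * 60  # token lifetime


@dataclass
class IssuedToken:
    value: str
    issued_at: float
    attempts: int = 0
    consumed: bool = False


class OtpStore:
    """In-memory stand-in for a callback-token table: one live token per identity.

    The clock is injectable so expiry can be exercised without sleeping.
    """

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self._clock = clock
        self._tokens: Dict[str, IssuedToken] = {}

    def issue(self, identity: str) -> str:
        # secrets, not random: the token must be unpredictable. Issuing a new
        # token replaces any older one, so only a single token is ever valid.
        value = "".join(secrets.choice("0123456789") for _ in range(TOKEN_DIGITS))
        self._tokens[identity] = IssuedToken(value=value, issued_at=self._clock())
        return value

    def has_token(self, identity: str) -> bool:
        return identity in self._tokens

    def verify(self, identity: str, candidate: str) -> bool:
        tok = self._tokens.get(identity)
        if tok is None or tok.consumed:
            return False
        if self._clock() - tok.issued_at > TOKEN_TTL_SECONDS:
            self._tokens.pop(identity, None)          # expired: discard
            return False
        # Count the attempt before comparing so every guess costs one, and
        # burn the token once the budget is exceeded; the user must request a new one.
        tok.attempts += 1
        if tok.attempts > MAX_ATTEMPTS:
            self._tokens.pop(identity, None)
            return False
        ok = hmac.compare_digest(tok.value.encode(), candidate.encode())
        if ok:
            tok.consumed = True                       # single use
        return ok


def brute_force(store: OtpStore, identity: str) -> Optional[int]:
    """Attacker loop over the whole 6-digit space.

    Returns the number of guesses needed on success, or None once the store
    has burned the token. With MAX_ATTEMPTS in place, success is only possible
    if the real token happens to be among the first MAX_ATTEMPTS candidates.
    """
    for guess in range(10 ** TOKEN_DIGITS):
        candidate = f"{guess:0{TOKEN_DIGITS}d}"
        if store.verify(identity, candidate):
            return guess + 1
        if not store.has_token(identity):
            return None
    return None


if __name__ == "__main__":
    store = OtpStore()
    real = store.issue("alice@example.com")  # constructed identity
    print("issued", real)
    print("brute force result:", brute_force(store, "alice@example.com"))
```

In a DRF view the same counter would live on the token row and the comparison would run inside the verification serializer, with DRF's `throttle_classes` (for instance `AnonRateThrottle`) layered on top for per-IP request rate limiting; the attempt budget here is per token, which is what stops a distributed guesser that a per-IP throttle alone would not.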

sergioisidoro commented 1 year ago

I was about to take a shot at a couple of fixes to improve this project that especially impact me (e.g. non-US numbers and standardising phone numbers to E.164), but seeing some critical issues like #131 taking months to merge, I decided to make a proposal based on this project in Djoser to implement these features - https://github.com/sunscrapers/djoser/pull/725

It tries to fix a couple of things that have been proposed and suggested here, such as variable token length, standalone tokens, configurable serialisers, and configurable permissions.

While I totally understand and support the author's decision to update this lib only when they need it (tbh I think that's the only sane way of managing an open source repo by yourself - to build it for yourself), I feel discouraged to contribute when so many pull requests are on hold, so I hope the author does not take it personally that I take inspiration from his work to port this functionality to another project.